Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 7.2.1 - Safeguard Desktop Player User Guide

Summary of changes Features and limitations Installing Safeguard Desktop Player First steps Validating audit trails Replaying audit trails Replaying encrypted audit trails Replaying encrypted audit trails from the command line Replaying audit files in follow mode Searching in the content of the current audit file Search query examples Exporting the audit trail as video Exporting the sound from an audit trail Exporting zat and zatx files Sharing an encrypted audit trail Replaying X11 sessions Exporting transferred files from SCP, SFTP, HTTP, and RDP audit trails Exporting raw network traffic in PCAP format Exporting screen content text Troubleshooting the Safeguard Desktop Player Keyboard shortcuts

First steps

Thank you for installing the Safeguard Desktop Player

Now you can start using the Safeguard Desktop Player application to replay audit trail files that you have downloaded from One Identity Safeguard for Privileged Sessions (SPS). This guide will help you to get started with using the Safeguard Desktop Player.

The following figure displays the UI of the Safeguard Desktop Player application.

Figure 7: Safeguard Desktop Player

Getting started with the Safeguard Desktop Player

This section shortly describes the main functions and the UI elements of the Safeguard Desktop Player.

Figure 8: Safeguard Desktop Player > Details page

  1. Audit trail play button

    Click the thumbnail at the top, on the left, or click in the Channels section of the screen. To play an encrypted audit trail, you need to have the appropriate certificates. For details, see "Replaying encrypted audit trails" in the Safeguard Desktop Player User Guide.

  2. Audit trail data

    The most important data about the audit trail, including usernames (if available) and IP addresses. To display more metadata about a specific channel in the audit trail, click in the list of channels. These details include the parameters available on the SPS Search page (for details, see "Using the Search interface" in the Administration Guide), and other parameters, for example, the size of the desktop or the terminal.

  3. Date of the recording

    Starting date and duration.

  4. Location of the audit trail file

    Click the path to open the folder in your file manager.

  5. Validation results

    When you open an audit trail, the Safeguard Desktop Player checks if you can access both the upstream and downstream traffic from the audit trail (you must have access at least to the downstream traffic to replay the audit trail), and validates the digital signature and the timestamp. The icon means that the trail is not signed or timestamped. For details, see "Validating audit trails" in the Safeguard Desktop Player User Guide.

  6. Terminal Encodings

    When you are replaying terminal-based audit trails, for example, SSH or TELNET, you can set the character encoding of the displayed text. After changing the encoding, click Re-render trail.

  7. Channels

    To select a channel, click .

  8. Export

    The Export button exports the audit trail to a video file. The exported files use the WEBM format with the VP8 codec. For details, see "Exporting the audit trail as video" in the Safeguard Desktop Player User Guide.

  9. Warnings

    Warnings and errors that occurred during opening and processing the audit trail file. If there are warnings or errors, the Warnings UI element is displayed under the Search field.

    Figure 9: Warnings

  10. Settings

    You have the following settings options:

    • Import the required certificate to replay an encrypted audit trail. For more information, see Replaying encrypted audit trails.

    • Open Preferences, which you can use to set the application language, select a keyboard layout, select how you want to display the window title events on the seeker and in subtitles, and so on. For more information, see Preferences for the Safeguard Desktop Player.

    • Open the documentation in your browser.

  11. Search

    You can search in the trail content of the current audit trail, for example, in commands that the user executed in the session, or to find a specific text that was displayed on the screen. Available only for terminal sessions. For details, see Searching in the content of the current audit file.

The Search window of Safeguard Desktop Player

This section provides information on the options that you can use in the Search window.

Search

You can search in the trail content of the current audit trail, for example, in commands that the user executed in the session, or to find a specific text that was displayed on the screen. Available only for terminal sessions. For details, see Searching in the content of the current audit file.

  1. Play/pause, replay

    Start or pause replaying the audit trail. You can also click the video to start or pause replaying.

  2. Jump to previous event

    Click this button to jump to the previous user event. User events that occurred in the session (such as window titles that appeared on the screen, commands executed, mouse activity, keystrokes) are marked in the seeker.

  3. Jump to next event

    Click this button to jump to the next event. User events that occurred in the session (such as window titles that appeared on the screen, commands executed, mouse activity, keystrokes) are marked in the seeker.

  4. Current time and timestamp

    Time elapsed since the beginning of the audit trail, and the corresponding date.

  5. End time and timestamp

    Length of the audit trail and the date when the session ended.

  6. Change replay speed

  7. Seek preview

    Click the seeker to jump to a specific location in the audit trail.

  8. Scale video

    When enabled, the replayed audit trail is resized to fit the window. Clear to show the original size. You can also double-click on the video to toggle resizing.

  9. Back to the summary page

    Open the summary page of the audit trail

  10. Configure seeker indicators

    Click to configure the visibility of indicators for user events on the seeker. Seeker indicators show on a single timeline the user events that occurred during a session. Clicking a seeker indicator takes you to the relevant user event in the audit trail. User events are window titles that appeared on the screen, commands executed, mouse activity, keystrokes, and any on-screen change.

  11. Display subtitles

    Click to display subtitles for the video. Subtitles list user events as they occurred in the session. Events that are shown in subtitles are window titles that appeared on the screen, commands executed, mouse activity, and keystrokes.

  12. Search in trail content

    Search in the contents of the current audit trail, for example, in commands that the user executed in the session, or to find a specific text that was displayed on the screen. This option is available only for terminal sessions. For details, see Searching in the content of the current audit file.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating